/// <summary>
/// Verifies that a header made of two space-separated parts is rejected when
/// the first part is not an authorization schema the handler accepts.
/// </summary>
public void ProcessAuthorizationHeaderFailWrongSchema()
{
    // Arrange: well-formed "schema value" shape, but an unknown schema name.
    const string headerValue = "wrong-schema value";
    var encryptionProvider = new NoEncryptionProvider();

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, encryptionProvider);

    // Assert: authentication fails and the failure names the schema problem.
    Assert.False(outcome.Succeeded);
    Assert.Contains("Unsupported authorization schema", outcome.Failure.Message);
}
/// <summary>
/// Verifies that a header consisting of a single token (no space separating a
/// schema from a value) is rejected as incorrectly formatted.
/// </summary>
public void ProcessAuthorizationHeaderFailNoSchema()
{
    // Arrange: one token only, so there is no schema/value split to find.
    const string headerValue = "no-schema-value";
    var encryptionProvider = new NoEncryptionProvider();

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, encryptionProvider);

    // Assert
    Assert.False(outcome.Succeeded);
    Assert.Contains("Incorrect format Authorization header", outcome.Failure.Message);
}
/// <summary>
/// Verifies that a header whose issue date cannot be parsed as a date is
/// rejected with the exact message "Failed to parse issue date".
/// </summary>
public void AuthInvalidFormatForIssueDate()
{
    // Arrange: valid-looking keys, but the issue date is free text.
    const string unparsableIssueDate = "not a date";
    var headerValue = MockAuthorizationHeaderValue("access", "secret", null, unparsableIssueDate);

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, new NoEncryptionProvider());

    // Assert
    Assert.False(outcome.Succeeded);
    Assert.Equal("Failed to parse issue date", outcome.Failure.Message);
}
/// <summary>
/// Verifies that a header whose issue date lies five minutes ahead of the
/// current UTC time is rejected.
/// </summary>
public void AuthFutureIssueDate()
{
    // Arrange: issue date in the future relative to the machine's UTC clock.
    // NOTE(review): the handler's clock-skew tolerance is not visible here;
    // five minutes is presumably beyond it - confirm against the handler.
    var futureIssueDate = DateTime.UtcNow.AddMinutes(5);
    var headerValue = MockAuthorizationHeaderValue("access", "secret", null, futureIssueDate);

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, new NoEncryptionProvider());

    // Assert
    Assert.False(outcome.Succeeded);
    Assert.Equal("Issue date invalid set in the future", outcome.Failure.Message);
}
/// <summary>
/// Verifies that a header carrying no issue date at all is rejected, and that
/// the failure message names the missing issue-date property.
/// </summary>
public void AuthMissingIssueDate()
{
    // Arrange: the issue date argument is null, so the property is absent.
    var headerValue = MockAuthorizationHeaderValue("access", "secret", null, null);
    var expectedMessage = $"Authorization header missing {AwsCredentialsAuthenticationHandler.ClaimAwsIssueDate} property";

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, new NoEncryptionProvider());

    // Assert
    Assert.False(outcome.Succeeded);
    Assert.Equal(expectedMessage, outcome.Failure.Message);
}
/// <summary>
/// Verifies that a header with the expected schema but a Base64 payload that
/// does not decode to JSON is rejected with a generic decoding error.
/// </summary>
public void ProcessAuthorizationHeaderFailInValidJson()
{
    // Arrange: valid Base64, invalid JSON underneath.
    var nonJsonBytes = UTF8Encoding.UTF8.GetBytes("you are not json");
    var encodedPayload = Convert.ToBase64String(nonJsonBytes);
    var headerValue = $"aws-deploy-tool-server-mode {encodedPayload}";

    // Act
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, new NoEncryptionProvider());

    // Assert: the exact message is pinned, so parser details are not expected
    // to appear in the failure text.
    Assert.False(outcome.Succeeded);
    Assert.Equal("Error decoding authorization value", outcome.Failure.Message);
}
/// <summary>
/// Verifies the happy path without encryption: a header written by the
/// client-side handler is accepted by the server-side handler.
/// </summary>
public void ProcessAuthorizationHeaderSuccess()
{
    // Arrange: let the client handler write the Authorization header.
    var credentials = new ImmutableCredentials("accessKeyId", "secretKey", "token");
    var outgoingRequest = new HttpRequestMessage();
    ServerModeHttpClientAuthorizationHandler.AddAuthorizationHeader(outgoingRequest, credentials);

    var headerPresent = outgoingRequest.Headers.TryGetValues("Authorization", out var headerValues);
    if (!headerPresent)
    {
        throw new Exception("Missing Authorization header");
    }

    // Act: no Aes instance was passed above, so the payload is read with NoEncryptionProvider.
    var outcome = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValues.FirstOrDefault(), new NoEncryptionProvider());

    // Assert
    Assert.True(outcome.Succeeded);
}
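/// <summary>
/// Verifies the encrypted round trip: credentials written into the
/// Authorization header with an AES key are not readable as plain JSON, and
/// the server-side handler recovers the same access key, secret key and
/// session token when given a provider built on the same key.
/// </summary>
public void AuthPassCredentialsEncrypted()
{
    // Aes holds key material and HttpRequestMessage is disposable; dispose
    // both deterministically instead of leaving them to the finalizer.
    using (var aes = Aes.Create())
    using (var request = new HttpRequestMessage())
    {
        var creds = new ImmutableCredentials("accessKeyId", "secretKey", "token");
        ServerModeHttpClientAuthorizationHandler.AddAuthorizationHeader(request, creds, aes);

        if (!request.Headers.TryGetValues("Authorization", out var value))
        {
            throw new Exception("Missing Authorization header");
        }

        // Fail with a clear assertion rather than a NullReferenceException
        // if the header is present but carries no value.
        var headerValue = value.FirstOrDefault();
        Assert.NotNull(headerValue);

        // The header is "<schema> <base64 payload>"; take the payload part.
        var authPayloadBase64 = headerValue.Split(' ')[1];
        var authPayload = Encoding.UTF8.GetString(Convert.FromBase64String(authPayloadBase64));

        // This should fail because the payload is encrypted.
        // NOTE(review): a JSON parse failure only shows the payload is not
        // plain JSON; it does not by itself prove the secrets are unreadable.
        Assert.Throws<JsonReaderException>(() => JsonConvert.DeserializeObject(authPayload));

        var authResults = AwsCredentialsAuthenticationHandler.ProcessAuthorizationHeader(headerValue, new AesEncryptionProvider(aes));
        Assert.True(authResults.Succeeded);

        // Each credential part must come back unchanged as a claim.
        var accessKeyId = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsAccessKeyId, x.Type))?.Value;
        Assert.Equal(creds.AccessKey, accessKeyId);

        var secretKey = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsSecretKey, x.Type))?.Value;
        Assert.Equal(creds.SecretKey, secretKey);

        var token = authResults.Principal.Claims.FirstOrDefault(x => string.Equals(AwsCredentialsAuthenticationHandler.ClaimAwsSessionToken, x.Type))?.Value;
        Assert.Equal(creds.Token, token);
    }
}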